On Mon, 10 Oct 2005, ZHAO, BING wrote:
I am doing this CGI upload website, by saving files submitted by
other people, (there is no problem with the storage capacity)
Famous last words.
What happens when someone points a malicious program towards your script
that uploads not a simple file, but unending random data? Eventually, if
you don't cut off the connection, it *will* fill up your storage.
There *MUST* be an upper bound on what you will accept for uploads.
*ESPECIALLY* if you're thinking of keeping these uploads around for an
extended period of time.
Figure out how to throttle how much data users can upload. You'll be
glad you did. Better still, figure out how other people are solving this
problem, as your wheel is unlikely to be any rounder than theirs are.
You'll be even gladder that you didn't have to write it from scratch.
--
Chris Devers
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
